The General Data Protection Regulation (GDPR) is concerned with the personal information about you that is collected, stored and shared. This privacy notice details our GDPR policy so that you can feel confident about what is done with your information. GDPR is a law and it is about ensuring that individuals feel safe and knowledgeable about how others use information they hold. If anything does not make sense or isn’t clear, please do ask any questions. The lead therapist of My Thinking Space is known as the ‘data controller’ of the personal information you provide us with.
Contact Details; My Thinking Space Email address: email@example.com
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing firstname.lastname@example.org
2.WHAT PERSONAL INFORMATION DO WE COLLECT ABOUT YOU
Personal information means any information capable of identifying an individual. It does not include anonymised information. We may collect the following types of personal information about you including:
● Identity - may include your full name, date of birth and gender.
● Contact - may include your address, email address and telephone numbers (including permission to send text messages and leave voice messages).
● Financial - may include your bank account and payment card details.
● Transaction - may include details about payments made to us. We also need to collect the following sensitive information about you in order to deliver our services:
● Information about your health [including your GP name and address and any other health professionals with whom you may be involved, health history and current health situation].
● Information about education provider or place of work.
● Summary of your sessions.
● Any emails you send. We require your explicit consent for processing sensitive information, so when you submit your details, we will send you a further communication asking for you to confirm your consent to this processing. Where we are required to collect personal information by law, or under the terms of the contract between us and you do not provide us with that information when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested information, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time. For example, sometimes it may be important for us to be able to contact other professionals who are supporting you (for e.g. your GP), if we do not have this information we may not be able to continue to offer you a service. Should this happen we would always talk to you about this first. We will not collect any personal information from you that we do not need in order to provide our service to you.
3. HOW WE COLLECT YOUR PERSONAL INFORMATION
We collect information about you through a variety of different methods including: Direct interactions: You may provide information by filling in forms on our site or by communicating with us by post, phone, E-mail or otherwise, including when you:
• order our services
• give us feedback
Automated technologies or interactions: As you use our site, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies.
4. HOW WE USE YOUR PERSONAL INFORMATION;
We will only use your personal information when legally permitted. The most common uses of your personal data are:
To provide the service agreed with us
Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests
Where we need to comply with a legal or regulatory obligation. Purposes for processing your personal information Set out below is a description of the ways we intend to use your personal information and the legal grounds on which we will process such information.
We have also explained what our legitimate interests are where relevant. We may process your personal information for more than one lawful ground, depending on the specific purpose for which it is being used. Please contact us at email@example.com if you need details about the specific legal ground we are relying on to process your personal information where more than one ground has been set out in the table below.
Purpose/Activity Type of information Lawful basis for processing
5. DISCLOSURES OF YOUR PERSONAL INFORMATION
We may have to share your personal information with the parties set out below
• Service providers who provide IT and system administration services.
• Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances. We require all third parties to whom we transfer your information to respect the security of your personal information and to treat it in accordance with the law.
We only allow such third parties to process your personal information for specified purposes and in accordance with our instructions;
Consultation and Supervision: Your therapist will receive monthly supervision with other Clinical Psychologists. This is to ensure high quality clinical practice and is a standard part of being a Clinical Psychologist. In order to protect your privacy, the supervisor will not know you personally or professionally and you will be referred to by your first name only. Your information may be referred to verbally when it is helpful to professional processes.
Emergencies; If you are thought to be at risk in any way, your information may be shared with an emergency healthcare service (e.g. GP, Mental healthcare crisis team) or with a Social Worker (however we would always endeavour to discuss this with you in advance). If your therapist has become aware of any intent by you to cause harm to another person or organisation (e.g. terrorism), the law may require that they inform an authority without seeking your permission. In such a situation, the law may require that your personal information is shared without your knowledge.
Therapeutic Will: Your name and contact details will be shared with your Clinical psychologist’s Therapeutic Executor. This is so that you can be contacted in the event of their death should you be receiving therapy from them.
6. DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will hold onto your written information for 7 years past the end of our working together, or until you are aged 25 if you are under 18 years of age. This is so that we have a reference of our work in situations such as you returning to therapy in the future. After this time has passed, written information will be shredded. We are required by UK tax law to keep your basic personal information (including name, address, contact and financial details) for a minimum of six years after which time it will be destroyed. In some circumstances you can ask us to delete your data: see below for further information.
8. YOUR LEGAL RIGHTS
You have rights under data protection laws in relation to your personal
information. These include the right to:
• Be informed about what information is held about you (i.e. this document)
• Request access to your personal information – to see what information is held about you (free of charge for the initial request).
• Request correction of your personal information – rectify any inaccuracies or incomplete personal information
• Request your personal information be erased (although we can decline whilst the information is needed to practice lawfully and competently).
• Object to processing of your personal information.
• Request restriction of processing your personal information.
• Request transfer of your personal information.
• Right to withdraw consent for us to use your personal information You can see more about these rights at:
If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
9. THIRD-PARTY LINKS
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share information about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Last Updated 13th November 2020